Saturday, March 16, 2013

Please take and share this "Hacker Deception Survey" (Now Updated with Results)

When it comes to blaming cyber attacks on any given nation state, many times the evidence given includes WHOIS registration data. There's been a surprising (at least to me) amount of credibility given to registration data which corresponds to the country that individuals seek to blame. So much so that I'm beginning to wonder what the consensus really is on a very basic question - do hackers seek to disguise their location?

So I've created a simple True/False question to help me arrive at an answer. Please help me out by taking this one question survey and sharing the link with as many people as possible. No technical background is required. Thanks!

UPDATE (20 MAR 2013):
After four days, the survey received 57 responses. Here are the results:

Not surprisingly, 90% of the respondents agreed with the premise that a hacker will usually disguise his location by providing false WHOIS data. My suggestion is that if you're reviewing a report which relies on WHOIS data (partly or wholly) to prove its attribution claim, that you'd be well advised to question its findings.